Delvy

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Vehicle Record System version 1.0 **Description** A critical issue has been found in the processing of the file /admin/search-vehicle.php. The manipulation of the `searchinputdata` argument leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For PHPGurukul Vehicle Record System version 1.0, consider restricting access to the /admin/search-vehicle.php file until a patch is available. As a temporary workaround, avoid using the `searchinputdata` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** SourceCodeHero Clothes Recommendation System version 1.0 **Description** A critical issue affects the Admin Login Page component, specifically the /admin/index.php file, where the manipulation of the `t1` argument leads to SQL injection. This issue can be exploited remotely. **Recommendations** For SourceCodeHero Clothes Recommendation System version 1.0, as a temporary workaround, consider restricting access to the /admin/index.php file until a patch is available. Avoid using the `t1` argument in the affected Admin Login Page component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodeHero Clothes Recommendation System version 1.0 **Description** A critical issue has been discovered, allowing for SQL injection through the manipulation of the `cat`, `subcat`, `t1`, `t2`, and `text` arguments in the `/admin/home.php?con=add` endpoint. This can be exploited remotely. **Recommendations** For SourceCodeHero Clothes Recommendation System version 1.0, as a temporary workaround, consider restricting access to the `/admin/home.php?con=add` endpoint until a patch is available. Avoid using the `cat`, `subcat`, `t1`, `t2`, and `text` arguments in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodeHero Clothes Recommendation System version 1.0 **Description** A critical issue was found in the system, affecting an unknown functionality of the file /admin/home.php. The manipulation of the `view` argument, specifically `view1`, leads to SQL injection. This issue can be exploited remotely. **Recommendations** For SourceCodeHero Clothes Recommendation System version 1.0, consider restricting access to the /admin/home.php file and the `view` argument to minimize the risk of exploitation. Avoid using the `view1` value for the `view` argument until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Medical Card Generation System version 1.0 **Description** A critical issue has been identified in the Report of Medical Card Page component, specifically in the /admin/card-bwdates-reports-details.php file. The issue allows for SQL injection through the manipulation of the `fromdate` and `todate` arguments. This can be exploited remotely. **Recommendations** For PHPGurukul Medical Card Generation System version 1.0, consider restricting access to the /admin/card-bwdates-reports-details.php file until a fix is available. As a temporary workaround, avoid using the `fromdate` and `todate` arguments in the affected API endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Medical Card Generation System version 1.0 **Description** A critical issue has been discovered, affecting the Managecard Edit Card Detail Page component, specifically the /admin/edit-card-detail.php file. The manipulation of the `editid` argument leads to SQL injection. This issue can be exploited remotely. The exploit details have been publicly disclosed. **Recommendations** For PHPGurukul Medical Card Generation System version 1.0, consider restricting access to the /admin/edit-card-detail.php file until a fix is available, and avoid using the `editid` argument in the affected page to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Medical Card Generation System version 1.0 **Description** A critical issue has been found in the View Enquiry Page component, specifically affecting the file /admin/view-enquiry.php. The manipulation of the `viewid` argument leads to SQL injection. This issue can be exploited remotely. **Recommendations** For PHPGurukul Medical Card Generation System version 1.0, consider restricting access to the /admin/view-enquiry.php file until a fix is available, and avoid using the `viewid` argument in this context to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Medical Card Generation System version 1.0 **Description** A critical issue was found in the Search component of the system, specifically in the /admin/search-medicalcard.php file. The manipulation of the `searchdata` argument leads to SQL injection. This issue can be exploited remotely. **Recommendations** For PHPGurukul Medical Card Generation System version 1.0, as a temporary workaround, consider restricting access to the /admin/search-medicalcard.php file until a patch is available. Avoid using the `searchdata` argument in the affected API endpoint until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: SourceCodester Online Food Menu version 1.0 Description: A critical issue has been found in the processing of the file `/endpoint/delete-menu.php`. The manipulation of the argument `menu` leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Recommendations: For SourceCodester Online Food Menu version 1.0, as a temporary workaround, consider disabling the `/endpoint/delete-menu.php` file until a patch is available. Restrict access to this endpoint to minimize the risk of exploitation. Avoid using the `menu` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: SourceCodester Simple Invoice Generator System version 1.0 Description: A critical issue was found in the system, affecting an unknown function of the file /save invoice.php. The manipulation of the arguments `invoice code`, `customer`, `cashier`, `total amount`, `discount percentage`, `discount amount`, and `tendered amount` leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Recommendations: For SourceCodester Simple Invoice Generator System version 1.0, consider disabling the affected function in the /save invoice.php file until a patch is available. Restrict access to the /save invoice.php file to minimize the risk of exploitation. Avoid using the arguments `invoice code`, `customer`, `cashier`, `total amount`, `discount percentage`, `discount amount`, and `tendered amount` in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: SourceCodester PHP CRUD version 1.0 Description: A critical issue has been found in the Delete Person Handler component, specifically in the file /endpoint/delete.php. The manipulation of the `person` argument leads to SQL injection. This issue can be exploited remotely. Recommendations: For version 1.0, consider disabling the /endpoint/delete.php endpoint until a patch is available to prevent SQL injection attacks. Restrict access to the Delete Person Handler component to minimize the risk of exploitation. Avoid using the `person` argument in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: SourceCodester PHP CRUD version 1.0 Description: A vulnerability was found in the software, classified as problematic. It affects the file /endpoint/update.php, where the manipulation of the `first name`, `middle name`, and `last name` arguments leads to cross-site scripting. The attack can be initiated remotely. Recommendations: For version 1.0, consider disabling the update functionality in the /endpoint/update.php file until a patch is available. Restrict access to the `first name`, `middle name`, and `last name` arguments in the affected endpoint to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: SourceCodester PHP CRUD version 1.0 Description: A critical issue has been identified, affecting the file /endpoint/update.php. The manipulation of the arguments `tbl person id`, `first name`, `middle name`, and `last name` can lead to SQL injection. This issue can be exploited remotely. The exploit has been publicly disclosed and may be used. Recommendations: For SourceCodester PHP CRUD version 1.0, as a temporary workaround, consider restricting access to the /endpoint/update.php file until a patch is available. Avoid using the arguments `tbl person id`, `first name`, `middle name`, and `last name` in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.